| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Aug 2006 18:19:37 -0400
From: "Peter Dawson" <slash.pd@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Gmail emails issue
==>"You're wrong there, lets look at Yahoo Messenger"
Dude, screw yahoo..who cares !! Everyone here, is posting using gmail ,
including yourself !!
On 8/4/06, n3td3v <xploitable@...il.com> wrote:
>
>
>
> On 8/4/06, Stan Bubrouski <stan.bubrouski@...il.com> wrote:
> >
> > I'm reading your message in gmail and there is nothing in my temp
> > folder... not that i'd expect there to be. Gmail can't just create
> > files on your computer without your permission, it it can your
> > settings are wrong or your browser is broken. In other words if your
> > gmail mails are ending up in your temp folder your web browser is
> > putting them there... what browser are you using BTW. I'm using
> > firefox and it doesn't store my mails in the temp folder under my NT
> > account.
> >
> > -sb
>
>
> You're wrong there, lets look at Yahoo Messenger:
>
> yupdater.exe
>
> The above little executable stays in the default Yahoo Messenger directory
> and can modify any files within that directory and sub-directories, the
> yupdater.exe can create and delete any file in those directories, and has
> the power to create new files and folders on the command of Yahoo. At no
> time is there notification by Yahoo to the end-user. I've witnessed when
> Yahoo were testing their backend anti-spam system, that blank folders were
> appearing within the default Yahoo Messenger directory. If an attacker can
> hack Yahoo and control everyones yupdater.exe then Yahoo will turn into a
> very dark place.
>
> Here is another executable that does discrete little directory updates to
> your system without end-user interaction or notification:
>
> YServer.exe
>
> We tried to protest what Yahoo was doing other the years in private, and
> even thought at one point about putting out trojan horses and viruses under
> the same file names so Symantec etc would flag them as malware, although we
> didn't
>
> So yeah, Yahoo have the ability to and do infact modify your system
> without permission :)
>
> This is done randomly at Yahoo's own discretion and is seperate from
> legitmate announced Yahoo Messenger updates :)
>
> Its about time Yahoo came clean about yupdater.exe and YServer.exe instead
> of anonymously sending commands to operating systems, to modify, delete and
> create files and (or) folders without anyone knowing.
>
> No one is saying Yahoo is doing anything evil, but what if an accident
> happened? Yahoo would get its ass kicked
>
> No one can say what unexpected modifications to folder and files might do
> to individual end-user systems.
>
> Yahoo, sort yourselves out.
>
> Foul play
>
>
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
"This message is printed on Recycled Electrons."
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists